A Cisco-Based Proposal for Arne Core Routing InfrastructureAll
Regis University Theses
Fall 2009
A Cisco-Based Proposal for Arne Core Routing Infrastructure
Ingrimar James Regis University
Follow this and additional works at:
https://epublications.regis.edu/theses
Part of the Computer Sciences Commons
This Thesis - Open Access is brought to you for free and open
access by ePublications at Regis University. It has been accepted
for inclusion in All Regis University Theses by an authorized
administrator of ePublications at Regis University. For more
information, please contact
[email protected].
Recommended Citation James, Ingrimar, "A Cisco-Based Proposal for
Arne Core Routing Infrastructure" (2009). All Regis University
Theses. 50. https://epublications.regis.edu/theses/50
Final Project/Thesis
Disclaimer
Use of the materials available in the Regis University Thesis
Collection (“Collection”) is limited and restricted to those users
who agree to comply with the following terms of use. Regis
University reserves the right to deny access to the Collection to
any person who violates these terms of use or who seeks to or does
alter, avoid or supersede the functional conditions, restrictions
and limitations of the Collection. The site may be used only for
lawful purposes. The user is solely responsible for knowing and
adhering to any and all applicable laws, rules, and regulations
relating or pertaining to use of the Collection. All content in
this Collection is owned by and subject to the exclusive control of
Regis University and the authors of the materials. It is available
only for research purposes and may not be used in violation of
copyright laws or for unlawful purposes. The materials may not be
downloaded in whole or in part without permission of the copyright
holder or as otherwise authorized in the “fair use” standards of
the U.S. copyright laws and regulations.
2
Abstract
opportunities for students to engage in proposing, designing,
building and testing various
projects related to information technology. There are several
ongoing projects designed to
upgrade, improve or revamp some aspect of the Academic Research
Network, generally
referred to as ARNe, and services or applications that are a part
of its architecture. Regis
University is in the process of replacing their current
architecture and equipment that
forms the core of ARNe in order to facilitate further upgrades and
new projects within
various aspects of ARNe. This paper examines and proposes a
Cisco-based routing
solution utilizing Cisco ISR routing platforms for interconnecting
the core WAN,
providing a high-performance, scalable, and flexible solution for
immediate and future
needs.
3
Acknowledgements
I would, first of all, like to thank God for giving me the strength
and endurance to excel
in each class and to see this program to completion. I would also
like to thank my wife
for supporting me all the way and for putting up with all the long
hours I spent locked
away working on this degree. I would also like to acknowledge my
professors for
providing me with very insightful information and for enabling me
to acquire skills and
knowledge that were immediately useful, and that enable me to
expand my career.
4
Hardware
.....................................................................................................................
9 Design and Protocol
..................................................................................................
10
Approach
.....................................................................................................................
10 Research:
...................................................................................................................
10
Selection:...................................................................................................................
11 Design:
......................................................................................................................
11
Thesis Statement:
........................................................................................................
12 : Research
.......................................................................................................
13 Chapter 2
Cisco Router Hardware Platform.
............................................................................
13 Cisco 2800 Series Integrated Services Router
.......................................................... 13
Secure Network Connectivity for Data Voice and Video
...............................................................14
Converged IP and Wireless Communications
.................................................................................14
Integrated Services
..........................................................................................................................15
Dynamic Routing
Protocols......................................................................................
24 EIGRP Operational Overview
..................................................................................
26
Flexibility
..................................................................................................................
28 Scalability
.................................................................................................................
29 Performance
..............................................................................................................
30 Configuration and Management
...............................................................................
30 Cost Factor
................................................................................................................
34
Building the ARNe WAN
Core..................................................................................
37 Physical Design Characteristics
................................................................................
37 WAN Design
Characteristics....................................................................................
39 Core Layer Management and
Protocols....................................................................
40
List of Figures
Figure 2 - 1. Cisco 1841 Router: Secure Network Connectivity.
(Cisco Systems). ........ 19 Figure 2 - 2. A Star WAN Topology.
...............................................................................
23
Figure 3 - 1. Cisco Command Line Interface.
..................................................................
31 Figure 3 - 2. SDM screen (Cisco
Systems).......................................................................
33 Figure 3 - 3. SDM Firewall configuration wizard (TechRepublic)
................................. 33 Figure 3 - 4. Cisco 2811
Router (CDW)
..........................................................................
35 Figure 3 - 5. Cisco 1841 Router (CDW)
..........................................................................
35 Figure 3 - 6. Cisco WAN Adapter HWIC-4T (CDW)
..................................................... 36 Figure 3 -
7. Cisco WAN Adapter WIC-1DSU-T1-V2 (CDW)
...................................... 36 Figure 3 - 8. Denver
(DTC) Physical Connection.
........................................................... 38
Figure 3 - 9. Remote Sites Physical
Connection..............................................................
39 Figure 3 - 10. ARNe Core Routing Topology.
................................................................
40
6
List of Tables
Table 2 - 1. Architecture features and benefits. (Cisco Systems)
................................... 16 Table 2 - 2. Chassis
Specifications. (Cisco Systems).
.................................................... 17 Table 2 -
3. Cisco 1841 Router: Architecture Features and Benefits.
............................ 21
7
Background
Regis University presents a number of opportunities for graduate
students within
the School of Computing and Information Sciences to gain hands on
experience in their
program of study. Students seeking to complete their thesis can
apply for and be accepted
into the Systems Engineering and Application Development (SEAD)
Practicum where
they engage in proposing, designing, building and testing various
projects. A number of
projects are ongoing and were designed to upgrade, improve or
revamp some aspect of
the Academic Research Network, generally referred to as ARNe, and
services or
applications that are a part of its architecture. According to the
SEAD website
(http://trackit.arn.regis.edu/sead/new_page1.htm), SEAD’s mission
is to:
1. Support the SCIS curriculum by providing hands-on experience
with
software and hardware.
2. Provide a stimulating environment for students to complete
their
professional project.
administrators and system engineering students.
The SEAD organizational structure is that of an IT company that
follows the Information
Technology Infrastructure Library (ITIL) framework and is SOA
based. ITIL, as defined
by the official website, ITIL consists of a series of books that
provide guidance on the
provisioning of quality IT services and the supporting
infrastructure. Additionally, ITIL
provides consistent and comprehensive documentation in regards to
applying best
practices for IT Service Management. Applying ITIL guidance results
in benefits such as
reduced costs, improved IT services, improved customer
satisfaction, standards and
guidance, and improved productivity (ITIL, itil-officialsite.com).
The Service Oriented
Architecture (SOA) is an architectural style that separates the
services or functionality
that a system can provide from service consumers. The service
consumers are systems
that need that functionality. By separating or decoupling the
services from service
consumers a more flexible architecture is developed and can be
easily reconfigured
without completely revamping the entire system (McGovern, 2004
p.63). SEAD features
operating groups that include Systems, Data, Application
Development, Integrated
Services and Networking. These groups are responsible for parts of
the architecture that
consist of server management, security, data storage, application
development, and help
desk (Regis University,
trackit.arn.regis.edu/sead/new_page1.htm).
Regis University is in the process of replacing their current
architecture and
equipment that forms the core of ARNe. This upgrade in
infrastructure and architecture
will provide a platform for further upgrades and new projects
within various aspects of
ARNe. The current core infrastructure does not adequately enable
Regis to realize these
goals and is not as flexible and scalable to support current and
future projects. The core
of the WAN will be used to transport packets among the various
sites within ARNe.
Therefore, the core should facilitate high speed transporting of
traffic as well as low-
latency packet transmission in order to provide a satisfactory
experience for all users. The
performance of the core routers is paramount as the quality of
routing process and the
transmission of packets is highly dependent on the architecture of
the router—hardware
and software. Also, the type of routing protocol used should be
carefully considered as
each protocol has its share of benefits and shortcomings (Cernick,
et al, 2000 p.15-18).
The proposed routing solution should be flexible and scalable to
accommodate current
and future project goals and design changes.
Proposed Solution
The proposed solution for this project is Cisco-centric: focuses on
Cisco’s routing
platforms and Cisco’s routing protocol. What this means is that,
based upon the
requirements of the team evaluating ARNe’s core infrastructure as
well as the network
equipment supporting the core, a proposal to replace the said
equipment with a Cisco
solution was required. This document examines only the core layer
and does not venture
beyond the perimeter of the network. However, items mentioned such
as the routing
protocol could also affect the distribution and access layer of the
network, depending on
the design.
Hardware
The type of routing platform that should be used in the WAN
core.
The vendor (Cisco) solution that best meets the needs of ARNe. This
refers to the
series and specific model of router.
The benefits of using this / these routing platforms. Cisco
manufactures a myriad
of routers with various purposes. In this case, as it is with any
other case, the
solution that presents the most benefits, without going overboard
is desirable.
Two models, one each from the Cisco 1800 and 2800 Integrated Series
Router
platforms are proposed, with one model 2811
10
(www.cisco.com/en/US/prod/collateral/routers/ps5854/ps5882/product_data_shee
t0900aecd8016fa68.pdf) being better suited for the main site and a
different
model, 1841
(www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet0900ae
cd8016a59b.pdf) being more suited for the remote locations. Both
platforms are
discussed in detail in chapter two and subsequent chapters.
Design and Protocol
The WAN topology affects performance, redundancy and a number of
other
issues. The solution proposed in this document favors the star or
hub-and-spoke
topology.
One of the benefits of the proposed topology is more simplified
network
management. Other benefits are discussed subsequently.
There are several choices for interior routing protocols: RIP (IETF
RFC’s 1058;
1723; 2453), OSPF (IETF RFC’s 1131; 2328), IGRP and EIGRP. Each
protocol
is examined to determine the best option to be used in conjunction
with the Cisco
centric WAN core.
Approach
Research:
In order to provide what this author believes is the best solution,
information was
gathered on the current WAN infrastructure of ARNe to determine the
requirements.
Additional research was done on Cisco’s routing platforms,
including identifying
benefits, concerns and costs. Further research was also done on
supporting IP routing
protocols as well as ideal WAN topologies that will meet or exceed
the needs of the
ARNe core.
After researching the various routing solutions that Cisco
provides, the specific
platforms were chosen. Additionally, it is assumed that other
network hardware in the
form of wan interface cards would be needed to connect each router
to the leased
circuit at its location. Since the routers will be routing packets
between sites, the ideal
routing protocol was selected that takes into consideration the
hardware platform that
is being used, the WAN topology that will be utilized, performance
and management.
Design:
The design of ARNe’s WAN core features at least seven different
sites, including the
main site in Denver, CO. The WAN is designed using the proposed WAN
topology
and diagrammed with links to each remote site and the main site. In
an ideal world,
each site will connect using private T1 leased lines. But, factors
such as cost,
availability and bandwidth requirements will eventually determine
the type of
connectivity at each location. The design not only addresses the
logical layout of the
WAN, but it also addresses the physical hardware interconnectivity
used at each
location.
12
Since this document is, for the most part, a proposal, the actual
implementation will be
done by another party or group. Having said that, it is
understandable that design, as well
as other functional aspects may change. There may also be other
factors such as cost,
individual skill levels, shift in project focus, and other changes
that may alter the
implementation of this proposal.
Thesis Statement:
To research and propose a Cisco Systems based solution that
adequately supports the
demands of the Regis ARNe WAN infrastructure at the core layer.
ARNe is the Regis
Academic Research Network that provides Information Technology
students with a
platform for gaining hands-on experience in research and
development of technology
aspects of the Regis University network
(http://trackit.arn.regis.edu). This proposed
solution takes into consideration the current needs of ARNe and
possible future
requirements and projects.
Cisco Router Hardware Platform.
Interconnecting the main site to the remote sites requires routing
hardware that
connects to the current ISPs at each location. Since this document
proposes the Cisco
routing platform for interconnecting the WAN, two separate hardware
routers should be
used. The first router platform for use at the main site in Denver,
CO, is the Cisco 2800
series Integrated Services Router. In this case the 2811 modular
router.
Cisco 2800 Series Integrated Services Router
Many organizations need to link their remote locations with their
main
headquarters, to optimize business processes, share data, improve
communication and
provide better customer support. To supply this demand, several
vendors have
manufactured and marketed routing platforms. Cisco Systems is one
of such companies
who have successfully designed several routing platforms, with a
vast range of features
and functionalities that customers can choose from to meet their
needs. The 2800 Series
Integrated Series Router (ISR) provides an option for small to
medium-sized
organizations to enable wide area networking among many
locations.
The 2800 ISR consists of four platforms. These include the Cisco
2801, 2811,
2821 and 2851. This series aims to provide similar price points to
prior generations of
similar Cisco routers while offering major performance (up to
fivefold) and security (up
to tenfold) improvements, embedded service options, increased slot
density and
performance and maintains support for over ninety (90) existing
modules that are
14
available for the Cisco 2600, 3700 and 1700 series routers (Cisco
2800 Series Integrated
Services Routers, 2008 p.1).
Further, the 2800 series ISR can deliver multiple high-quality
services
simultaneously and at wire speed to multiple T1 connections.
Additionally, they provide
embedded encryption, acceleration and built-in voice
digital-signal-processor slots. The
2800 series ISRs also feature an intrusion prevention system,
firewall functionality,
integrated call processing and voicemail support, if necessary,
high density interfaces that
support a wide range of wireless and wired connectivity
options.
Secure Network Connectivity for Data Voice and Video
In order to enhance a network’s security posture, the 2800 series
ISR features
integrated security that facilitates an end-to-end secure delivery
of converged services
and applications. With the IOS Advanced Security feature set,
customers can utilize
features such as the software firewall, VPN, intrusion prevention,
IPSec, SNMPv3, SSH
and advanced application inspection. Also, the 2800 routers offer a
range of security and
acceleration hardware such as the advanced integration modules
(AIM) for encryption
(Cisco 2800 Series Integrated Services Routers, 2008, p.2).
Converged IP and Wireless Communications
The 2800 series provides the option to integrate call processing
for Cisco IP
telephones (wired and cordless) within the IOS in a service called
Cisco CallManager
Express. Therefore, customers that already have data connectivity
implemented who are
interested in deploying a converged IP telephony system for up to
ninety-six IP phones
15
can do so using the same platform as their data platform. This is
due to the 2800 series’
ability to concurrently deliver secured data, voice and IP
telephony on a single platform.
The Cisco 2800 series routing platform provides wireless solutions
for small to
medium-sized businesses. Routers in this series support integrated
access points that
enable wireless LAN connectivity, wireless infrastructure services
for cordless WLAN
telephones, as well as land mobile radio over IP for radio users
(Cisco 2800 Series
Integrated Services Routers, 2008 p.2).
Integrated Services
Because of the integrated functionality of the 2800 series
platform, organizations
can securely deploy IP communications and IP routing while leaving
interface and
module slots available for additional advanced services. Customers
can integrate
standalone network appliance functions and components into the
chassis itself. Many of
these modules have embedded hard drives and processors that enable
them to run largely
independently of the router while allowing management from a single
interface. This
expands the capability and application of the 2800 series ISR
beyond traditional routing
(Cisco 2800 Series Integrated Services Routers, 2008 p.3).
16
Source: Cisco 2800 Series Integrated Services Routers, p.4
17
Source: Cisco 2800 Series Integrated Services Routers, p.8
18
The Cisco 2800 series Integrated Service Platform provides high
performance, security,
flexibility and scalability that would provide an excellent
solution for a corporate
headquarters or main site to enable satellite or remote locations
to connect to services at
its location. However, remote sites may not need all of the
functions and features of a
2800 series ISR. To address such cases, Cisco provides a smaller
scale, integrated routing
platform called the 1800 Series Integrated Services Router.
Cisco 1800 Series Integrated Services Router
The Cisco 1800 Series ISRs are produced in two configurations:
fixed and
modular. However, in order to provide the most flexibility in this
platform, the modular
configuration option, which is the 1841 router, will be used at
each remote location in the
ARNe network.
Cisco designed the 1800 Series to be the next evolution of the 1700
Series
modular access router. Similarly to the 2800 Series platform, the
1800 Series was
designed for secure data connectivity while adding significant
performance advantages
over the 1700 Series router as well as integrated hardware-based
encryption. The 1841
router also maintains support for more than thirty (30) existing
WAN interface cards and
multiflex trunk cards such as VWICs (Cisco 1800 Series Integrated
Services Routers:
Cisco 1841 Router, 2008 p.1). By providing support for existing WIC
and VWIC cards,
Cisco enables customers who have purchased such cards for use on
other platforms to
protect their investments by not having to purchase new cards
exclusively for the 1841
router.
19
The 1841 router enables fast and high-quality delivery of multiple
concurrent
services for small and medium-sized businesses. It features
optional VPN, intrusion
prevention, and firewall functions, thus providing embedded
security at the access edge.
The 1841 router also provides support for SSH, IPSec, SSL VPN,
Network Admissions
Control and SNMP in one IOS solution set (Cisco 1800 Series
Integrated Services
Routers: Cisco 1841 Router, 2008 p.1). Figure 2-1 illustrates how
an 1841 router may be
used to provide secure network connectivity to other corporate
locations.
Figure 2 - 1. Cisco 1841 Router: Secure Network Connectivity.
(Cisco Systems).
Source: Cisco 1800 Series Integrated Services Routers: Cisco 1841
Router
(modular) p. 2
The high-performance integrated services architecture of the Cisco
1841 router
enables businesses to simultaneously deploy services such as data
communications along
with traditional IP routing at wire-speed. This platform also
provides flexibility to
integrate a vast array of services, modules and interface cards,
making the 1841 a
standalone secure data solution (Cisco 1800 Series Integrated
Services Routers: Cisco
1841 Router, 2008 p.2-3).
The enhanced modular design of the 1841 router was designed to
provide
increased bandwidth and performance that can effectively support
concurrent secure
applications. Specifically designed to meet the needs of small and
medium-sized
business, the 1841 router along with the 2800 Series Integrated
Services Router provide
organizations with the broadest range of secure connectivity in
addition to availability
and reliability features (Cisco 1800 Series Integrated Services
Routers: Cisco 1841
Router, 2008 p.3). Table 2-3 below lists architecture feature and
benefits of the 1841
router.
21
Table 2 - 3. Cisco 1841 Router: Architecture Features and
Benefits.
Source: Cisco 1800 Series Integrated Services Routers: Cisco 1841
Router (modular) p.3
WAN Topology
With each remote site requiring connectivity to ARNe, an
appropriate WAN
topology needs to be selected that will meet the needs of ARNe and
provide the most
cost-effective solution. There are several WAN topology options to
choose from and each
has its own set of benefits and shortcomings. Since the Denver Tech
Center is the main
site, the other locations are considered smaller branches that
require interconnection to
the main site. Normally, relatively smaller branches tend to have a
single WAN
22
connection to the headquarters or main site. In this configuration,
the smaller sites
typically collapse many services into a single networking product
such as a Cisco
Integrated Services Router (Doherty et. al, 2008 p.114).
The typical WAN topologies used today are mesh, which includes
either full or
partial mesh, ring topology and star topology. In a full mesh WAN
topology, a separate
dedicated link, such as a point-to-point leased line is used at
each site to connect to every
other site in the WAN. So if you have five offices in different
cities, each office has four
separate WAN links that connect it to the other offices. While this
configuration provides
the greatest amount of fault tolerance and network efficiency, it
can be very expensive
and wasteful, especially if the network does not generate enough
traffic between sites to
fully utilize all the links (Zacker, 2001 p.280-81). A partial mesh
WAN is similar to a full
mesh except that it does not interconnect every site to each other.
Instead site links are
carefully chosen based on the premise that not every site needs to
be directly connected
to every other site. This means that there are fewer links
involved; but cost is also
reduced (Zacker, 2001 p.280-81).
A ring topology connects each site to two other sites, for
instance. This topology
typically uses one more link than a star topology but offers
improved fault tolerance. The
problem with this configuration is that it introduces a delay by
the need for traffic to pass
through multiple sites in order to reach to its destination
(Zacker, 2001 p.282). A ring is
not used as often as the other topologies in this discussion.
The WAN star topology provides interconnectivity by linking all
remote sites to
the main site or headquarters, usually via a single link at each
location. In a star, the core
router at the main site serves as the hub for the other WAN
connections. Another name
23
for this configuration is the hub-and-spoke topology. The core
router connects to each
branch or remote site, and sites can only communicate with each
other by passing their
traffic through the core router at the main site. Although the star
topology is not as fault
tolerant as the mesh topology and can present some performance
concerns, it does
provide the advantage of simplified and centralized WAN topology
management as well
as reduced costs (Bruno, 2004 p.165). Additionally, in comparison
to a partial mesh
WAN, each site in the star is never more than two hops away from
another site that needs
to communicate with it.
Site A (Main Site)
Site C Site B
Site D Site E
Routing Protocol
Routing IP traffic efficiently between sites is necessary to ensure
that network
performance is as optimal as possible. Routes to each location is
contained within the
routing tables on each core router and routed protocols such as IP
traverses the WAN
utilizing the best route to its destination. In order to populate
the routing table on a router,
administrators can utilize static routes in which the destination’s
route is hard entered into
the router by using the Cisco IOS command “ip route.” When only
static routes are used,
routers can only forward packets to those defined destinations.
Defining static routes
work well for a small WAN. However, scalability can become an issue
since it is difficult
to manage with larger networks, as each route will need to be
defined on each router.
Dynamic Routing Protocols
Dynamic routing protocols such as OSPF, RIP, IGRP and EIGRP enable
the
router to dynamically learn or discover routes automatically. The
dynamic routes adjust
to network topology changes and can forward packets to over any
discoverable route. An
advantage that dynamic routing protocols have over static routing
protocols is that they
can automatically adapt to changes in network topologies such as
outages; static routing
cannot do that (Castelli, 2002 p.685-86).
Any of the above mentioned interior routing protocols can be
utilized on a Cisco
router. However, both IGRP and EIGRP are exclusive to Cisco and can
only be used in a
Cisco environment unless route redistribution is used. Route
redistribution, according to
25
McFarlane (2006), pertains to the process of importing routes that
were learned from
other sources into a particular routing protocol. These sources
include static routes, routes
from another routing protocol, and directly connected routes
(Network routing basics,
chpt. 10). Each interior routing protocol can be categorized into
either a Distance-vector
or a Link-state protocol; with each having its own set of features,
benefits and
disadvantages. The exception to this is EIGRP, the Cisco
proprietary protocol, which is
more of a hybrid protocol. Both RIP and IGRP are Distance-vector
protocols. Basically,
Distance-vector protocols advertise routing information by sending
messages that are
called routing updates. The updates include information such as the
subnet and metric.
The metric represents how good the route is; the smaller the
number, the better the route
is considered to be (Odom, 2003 p. 411). Distance-vector protocols
are slow to converge
when there is a failure. And RIP, or instance can be very “chatty”
as it transmits full
routing tables every thirty seconds. It also is limited to a
maximum of fifteen hops for its
metric.
OSPF is a Link-state protocol. Link-state protocols enable each
router to devise a
complete map of the network topology by advertising a large amount
of topological
information, which is processed using the Dijkstra Shortest Path
First (SPF) algorithm.
OSPF uses cost for its metric; converges very quickly if there is a
failure; supports
VLSM; uses short Hello messages on a short regular interval instead
of full updates—
minimizing network traffic; and sends partial updates when a link
changes (Odom, 2003
p. 417-8).
Hill (2002) states that the EIGRP protocol is a hybrid interior
routing protocol
that incorporates the best features of both link-state and
distance-vector protocols and
26
adds some of its own functionality. EIGRP reduces network and
router overhead by
multicasting routing updates, sending routing updates only when a
network change is
detected, updating only the routers that need to be aware of the
topology change, and
sending changes only to the routing table rather than the entire
table. EIGRP supports
VLSM and CIDR since it includes the subnet mask in routing updates.
It also supports
discontiguous networks and manual route summarization. The EIGRP
protocol is
extremely fast at converging in the event of a failure. A typical
convergence occurs in a
matter of seconds. EIGRP is more complex than IGRP and RIP.
However, it is less
complex than OSPF to design, implement and support and provides
many benefits (p.
810). For these reasons, this document proposes implementing EIGRP
as the dynamic
routing protocol within the ARNe core.
EIGRP Operational Overview
Routers within an EIGRP topology maintain three tables that hold
information.
There are the Neighbor table, the Topology table, and the Routing
table. Upon boot up,
each router actively seeks out its neighbors and adds them to its
neighbor table. The
router then transfers its entire routing table to the neighboring
router(s). EIGRP then adds
all downstream routes to the destination routers to its topology
table. It then chooses one
or more routes as the best routes to the destination from the
topology table. When a
topology change occurs, the routers closest to the topology change
examine their
topology table for an alternate route to the destination and update
their upstream
neighbors on the route change if an alternate route is found. If an
alternate route is not
found, the router queries its neighbors for a new route. The
neighbors will examine their
27
topology tables for an alternate route and respond to the querying
router (Hill, 2002 p.
811).
The Diffusing Update Algorithm (DUAL) performs the internal
workings of
EIGRP and enables it to be an effective and efficient routing
protocol. EIGRP enabled
routers use a metric based on bandwidth and delay to select the
best route. Additionally,
DUAL defines a method for each router to calculate both the best
current route to a
destination as well as alternate routes to be used if there is a
failure. This alternate route is
called the feasible successor route (Odom, 2003 p. 419).
28
The Case for Cisco
With so many organizations operating from multiple locations, it is
paramount for
data, applications and services to be effectively extended to those
remote locations and
branch offices. This means that the network at the main branch must
be expanded to
include remote sites. Organizations such as Regis University are
engaged in extending its
services to several offsite locations and utilize a wide area
network to facilitate the
provisioning of information and services. Choosing the right
network equipment vendor
and solution is important as the decisions made here can affect the
quality and the overall
satisfaction of the WAN. Several factors influence the decision on
which WAN solution
and vendor should be used for interconnecting the ARNe network.
These factors include
flexibility, scalability, performance, management, and cost
factors. Since this document
focuses on a Cisco-centric solution, it will illustrate how the
proposed Cisco networking
solution meets these requirements or factors.
Flexibility
In designing the core routing architecture for ARNe, a flexible
solution would
better serve the needs of a growing and innovative organization
such as Regis is. Since
ARNe provides many opportunities for students to gain hands-on
experience and to work
with faculty to research and develop various technologies and
projects that further
enhance the goals of Regis, flexibility in all aspects of the
network build out is necessary.
Flexibility, in this, case, suggests that the routing platform
should not only meet the
current needs or services being used within ARNe but should be able
to provide
additional services, connectivity options and features whenever the
demand arises. For
instance, Regis may require additional data, firewall, VPN, IP
telephony and wireless
solutions eventually. And rather than having to purchase additional
equipment outside of
the current Cisco hardware, it would be ideal to be able to
integrate these features and
services within the current hardware inventory.
Cisco provides flexible solutions through its Integrated Service
Routers proposed
in this document. As mentioned in chapter two, the 2811 and 1841
ISR routers provide
29
modular platforms that enable Regis to integrate other features
besides IP routing. These
platforms enable services such as VPN, firewall, intrusion
prevention, IP telephony and
wireless to be integrated into the ARNe network at any time with
minimal cost. With the
core routing architecture being the main focus it is expected that
IP routing will be the
highlighted factor. However, it is good to be aware that the 2811
and 1841 ISR platforms
possess the flexibility that is likely to be leveraged at some
point in the future.
Scalability
When considering the purchasing or upgrading of networking
solutions, the
scalability—ability to grow with demand—of the solution is often
examined. Rybaczyk
(2005) states that a scalable solution facilitates the growth of a
business and, over a
period of time, it allows for incremental rather than
forklift-style upgrades. Further, a
scalable network solution allows for increase in the number of
users, amount of and type
of usage without post-deployment degradation of the network or the
need for dramatic
upgrades (p. 17).
Again, the modular design of the 2811 and 1841 ISR routers allow
them to scale
as the need arises. For instance, an increase in users on the ARNe
network will increase
traffic across the WAN, thus putting more demand on the routing
hardware and the
bandwidth used across each connection. The Cisco ISRs are already
designed to
accommodate many users while providing several services
simultaneously. However, in
the event that there is an increase in usage demand, additional RAM
and storage can be
added to the router, allowing it to process more requests and
services efficiently without
degradation. In the case of an increase in bandwidth demand,
additional WIC or HWIC
modules can be purchased and installed in the router and used to
connect additional
WAN connections such as point-to-point T1’s, frame relay or other
solutions. If a VPN is
used to connect users to the ARNe network or as an additional
site-to-site connection is
needed, the ISR router can offload the major processing of VPN
traffic to an optional
VPN acceleration card. This allows the router to process all
traffic without being affected
by an increase in VPN traffic.
30
Performance
Wide Area Networks are generally more expensive to build and
maintain than
local area networks, although the WAN bandwidth is much smaller
between sites. This
means that the core routers at ARNe’s perimeter have to receive
then process and manage
traffic coming from the each LAN before they cue and transmit the
packets across the
WAN to their destination. There are a number of traffic management
and shaping options
that can be configured on each Cisco ISR router in order to
optimize traffic flow. And
while the network administrator can configure the router to create
predictable traffic flow
patterns, the hardware and software of the 2811 and 1841 platforms
are still responsible
for routing traffic with optimum performance.
Cisco designed the ISR routers with major performance increases
over previous
platforms such as the 1700 and 2600 series. In an independent lab
study conducted by
InfoWorld that evaluated the 1800W and 2811 ISR routers running
several services
including telephony and wireless, both routers were given a nine
out of possible ten
points for performance (InfoWorld, 2006). Of course, actual
performance may vary in
each environment but this study gives an idea of the performance
level of these routers.
Configuration and Management
Configuring a router can be a complicated and complex exercise,
especially for
those who are inexperienced with that particular brand or model of
router. Cisco routers
are no exception. In fact, the most well known method for
configuring and managing a
Cisco router is by using the command line interface (CLI) of the
IOS. The CLI is similar
in appearance and context to the UNIX operating system command
shell. Network
administrators typically connect to the Cisco router through the
console port, serial
(AUX) connection or via telnet to access the CLI. Then he or she
would type commands
at the command prompt in order to configure and manage the router.
Figure 3-1 shows
the screenshot of a CLI session.
31
Figure 3 - 1. Cisco Command Line Interface.
The Cisco IOS that is included in the 2811 and 1841 ISR routers has
several
different modes, with each mode having a unique command prompt,
function and list of
commands. The User Exec mode, which is the first prompt seen when
connecting to the
router and passing the login, contains a limited set of commands,
such as ping, that are
fairly harmless to the router. The Privileged Exec mode, also known
as the enable mode,
is where the main configuration, observation and control of the
router take place. The
administrator access the enable mode by typing “enable” from the
User Exec mode.
There is also the Global Configuration mode where you configure the
router and program
IOS commands into its active configuration. The Global
Configuration mode is accessed
by entering “configure terminal” from Privileged Exec mode (Lee,
1999 p.330-4). There
are also Interface, Sub-interface, Line and other configuration
modes.
The CLI can be intimidating for some users, especially for
beginners; and
although it provides the most granular control of the router, the
CLI can take a while to
become proficient in. However, it is a powerful tool for
controlling the ISR routers.
Incidentally, there is a setup wizard that can help with the
initial configuration of the
router.
Alternatively, Cisco has provided the Security Device Manager
(SDM), which is
a built-in GUI that enables administrators to configure the router
from a within a web
browser—without the need to understand the CLI. The SDM is a Java
based management
32
application that consists of well-laid-out, frames-based
configuration dialog and can be
launched from a web session directly with the router. Almost all of
the configuration
options are available through SDM with a few exceptions (Venezia,
2006).
SDM enables organizations to quickly deploy error-free
configurations and avoid
potential network connectivity issues by “proactively monitoring
router performance
statistics, system logs, and firewall logs in real time” (Cisco
Systems web site).
Additionally,
Cisco SDM offers smart wizards and advanced configuration support
for LAN and WAN interfaces, Network Address Translation (NAT),
stateful and application firewall policy, IPS, IPSec VPN, QoS, and
NAC policy features. The firewall wizard allows a single- step
deployment of high, medium, or low firewall policy settings. Cisco
SDM also offers a one-click router lockdown and an innovative
security auditing capability to check and recommend changes to
router configuration based on ICSA Labs and Cisco TAC
recommendations (Cisco Systems web site).
The Cisco Router and Security Device Manager not only allows
administrators of
the ARNe network to get up to speed quickly on configuring and
managing the core
routers, but it also enables them to deploy error-free
configurations and to be able to
monitor and make appropriate changes on a consistent basis without
being very proficient
on using the CLI. They can then learn the CLI over time while
utilizing the SDM. See
figure 3-2, 3-3 below for screenshots of SDM in action.
33
Source: Cisco
(www.cisco.com/en/US/products/sw/secursw/ps5318)
Source: Tech Republic
(http://techrepublic.com.com/2346-1035_11-91987-2.html)
Cost Factor
Cost is obviously a major factor when considering the purchase of
network
equipment and support services. Cisco routers are at the higher end
of the scale when it
comes to cost. There are cheaper options, including an open source
alternative called
Vyatta (vyatta.org). The problem with Vyatta is that, although the
application is free to
download, you still have to procure and purchase hardware that is
fully compatible with
the operating system. Additionally, you may need (and should)
purchase support from
Vyatta or be prepared for many unproductive hours and erroneous
configurations. And,
another thing to consider is that the Vyatta OS is not that well
known, so expertise will be
limited. Other cheaper routers may not provide the robustness,
flexibility and scalability
of Cisco’s ISR routers; which may justify the higher cost of the
ISR series. Another
aspect to consider is that since the Cisco ISR routers support over
ninety existing and
new device modules, there is a very high possibility that
previously owned interface
modules will still work on the 2800 and 1800 platforms, thus
protecting your investment.
There are a number of options for purchasing the 2811 and 1841 ISR
routers.
There are Cisco partners and resellers all around the world. And
there is also the choice
of purchasing new or used. Another option is the popular eBay.
However, there are more
risks involved in purchasing equipment through this channel. One
reputable and highly
recommended reseller is CDW. The prices for the 2811 and 1841 vary
depending on the
IOS feature set as well as the options they come with. One of the
benefits of procuring
network equipment (as well as other items) from CDW is that
non-profit organizations
can receive discounted prices. The following figures (3-4 to 3-7)
are taken from the CDW
website (www.cdw.com).
Figure 3 - 6. Cisco WAN Adapter HWIC-4T (CDW)
Figure 3 - 7. Cisco WAN Adapter WIC-1DSU-T1-V2 (CDW)
The above CDW prices reflect the currently available pricing for
each item and
could change at any time. Also, these prices do not include any
discounts that Regis
University may be eligible for. The two WAN adapters will be
discussed later but are
recommended.
The Cisco 2800 and 1800 ISR routers provide the most flexibility,
scalability,
performance that will both meet and exceed the needs for deployment
in the ARNe core
network. The configuration and management options provide
administrators with the
choice of using the CLI or SDM so that concerns about complexity
can be reduced with
the Java-based GUI that SDM provides, as mentioned previously).
Cisco routing
platforms have permeated the many vertical industries and
organizations, which means
37
that there is a high possibility of locating individuals and
companies with Cisco expertise.
Numerous Cisco training materials can be easily located and vary in
content and cost.
Additionally, Cisco provides support contracts if necessary.
Understandably, there may
be concerns about being locked in to a particular vendor, in this
case Cisco. However,
this author believes that it is beneficial to develop a standard
platform that facilitates
easier configuration and management across the entire ARNe network.
In the event that
routers from other manufacturers need to be used in the WAN, Cisco
ISR routers can
share and update routing information with them using standard
protocols such as OSPF,
RIP, BGP (IETF RFC 1654) and IS-IS (IETF RFC 1195). Redistribution
can also be used
to distribute EIGRP information.
Building the ARNe WAN Core
As previously mentioned, the Cisco 2811 will be used as the core
router at the
main site in Denver, CO. Meanwhile, the Cisco 1841will be used as
the core router at
each remote location and will interconnect with the 2811 at the
main site to from the core
of ARNe.
Physical Design Characteristics
In the above sections of this chapter, under the cost factor sub
heading, there are
two interface modules listed along with the routers from the CDW
website. These
interface modules will be used to connect the physical router to
the CSU / DSU at each
location. The CSU / DSU is used by the local ISP to provision the
leased point-to-point
T1s or fractional T1s, depending on what is available at each
location.
38
The HWIC-4T is a high speed WAN interface card (HWIC) that provides
flexible
connections to the Cisco 1800 and 2800 ISR series routers. The
HWICs enable features
such as WAN aggregation, legacy protocol transport, console server,
and dial access
server and allow customers to tailor solutions to meet their needs.
The HWIC-4T
provides four high speed synchronous / asynchronous ports that
support a maximum of
8Mbps on each port simultaneously. They also support HDLC, SDLC,
PPP, Frame
Relay, SNA and X.25 protocols (Serial and Asynchronous High-Speed
WAN Interface
Cards, Cisco Systems, 2008).
The main site (DTC) will be the hub and therefore requires more T1
circuits
connected to it. By using the HWIC-4T module, more leased lines can
be connected to
the 2811 router and will provide the flexibility to scale from
fractional T1 speeds up to
8Mbps.
ISP
Cisco 2811 ISR router HWIC-4T CSU/DSU
The remote sites will currently only need one leased line to the
DTC. Therefore,
the 1841 ISR routers at each location will utilize the
WIC-1DSU-T1-V2 interface module
for connecting to the leased circuit. The WIC-1DSU-T1-V2 is a fully
integrated and
managed CSU / DSU WAN interface card designed for T1 or fractional
T1 service. It is a
cost-effective, combined DSU/CSU solution that reduces the amount
of cabling and
devices required for establishing a T1 connection. The CSU/DSU can
be configured at
39
the router using the familiar CLI, eliminating the need for an
external CSU/DSU (T1
DSU/CSU WAN interface card (WIC-1DSU-T1-V2) Cisco Systems, 2005
p.2).
Figure 3 - 9. Remote Sites Physical Connection.
ISP
WAN Design Characteristics
The ARNe WAN will be designed in a star or hub and spoke topology.
The star,
while not as fault tolerant as the full mesh topology, will provide
simpler management
and reduced costs for the ARNe WAN.
40
Colorado Springs
Adult Learning Ctr.
Using this star topology means that all traffic will be routed
through the core
router to communicate with hosts at the main site or at other
locations. This configuration
allows administrators to manage the core more efficiently and
enables critical issues such
as security to be monitored and managed from a centralized
location. Network
performance can be a concern when dealing with star WAN topologies.
The 2811 and
1841 routers are well capable of handling the traffic level that is
likely to be experienced
on ARN and scale well in the event that network usage level
increases.
Core Layer Management and Protocols
The core layer is the high-speed backbone of the network and, in
addition to the
reliability and scalability requirements, the backbone should be
designed for optimal
performance. You should use routing features that optimize packet
throughput when
configuring core layer routers. The core should be optimized for
low latency and good
41
manageability and should have a limited and consistent diameter;
this facilitates
predictable performance and ease of troubleshooting. Furthermore,
external connections
to other organizations’ networks, such as extranets, or remote
sites connection to the
Internet should be centralized in the core thus reducing complexity
and potential routing
problems, as well as reducing security risks. Forcing all external
access to pass through
the core network essentially means that you would only have one
security structure to
administer (Oppenheimer, 2004 p.142).
To optimize performance in the core layer, the EIGRP protocol
should be
enabled for IP routing among core routers. As discussed in chapter
two, Cisco’s EIGRP
protocol is considered a hybrid protocol and combines the best
features of distance vector
and link state protocols. It reduces network and router overhead by
multicasting routing
updates, sending routing updates only when a network change is
detected, updating only
the routers that need to be aware of the topology change, and
sending only changes to the
routing table rather than the entire table. EIGRP will minimize
routing traffic, while
ensuring that packets are routed to their destination using the
optimal path. Static routing
can also be used in combination with EIGRP.
Chapter 4: Conclusion
The Regis Academic Research Network provides interconnection
between sites
affiliated with Regis University. ARNe enables faculty and students
to access data and
services from remote locations as well as the main site in Denver,
CO. The core network
layer of ARNe consists of several different brands of routers that
interconnect the WAN
and provides transmission of packets to hosts among the sites. This
current architecture of
the core layer is being evaluated with the intention of replacing
elements within the core
as well as possibly making topology and configuration changes. Some
of these changes
are necessitated by the need to begin several projects, to complete
others and to prepare
for future projects at Regis.
Students in the School of Computing and Information Sciences have
the
opportunity to work on projects in the Academic Research Network by
taking part in a
practicum project within the Systems Engineering and Application
Development (SEAD)
program. This project is as a result of being involved in the SEAD
practicum and being
assigned into the Network group. There are other projects that
being developed that will
leverage some aspect of ARNe. Some projects have been put on hold
awaiting the
completion of routing core upgrades.
During the research of this project, every effort has been made to
separate the real
facts from the marketing hype found in product brochures. This can
be challenging
especially when focusing the solution on a particular vendor’s
product—in this case it
was Cisco. By beginning with certain criteria that ideally
addresses requirements that this
author believes are important to Regis, Cisco’s products were
carefully examined to
determine if they realistically met these requirements. This
document does not guarantee
flawless performance if the proposed solution is implemented. But
this author does
43
believe that the proposal justifies the implementation of a
Cisco-centric solution at
ARNe’s core layer. If this proposal be accepted, either completely
or partially, the
persons actually involved in implementing it would obviously have
the opportunity to test
it and make any modifications necessary that will enable the
equipment, protocols and
design to align more closely with projects that they are
developing.
The Cisco routers in the Integrated Service Router series are ideal
solutions for
the core layer. They not only provide a routing platform but they
would allow Regis to
run simultaneous, secured data, voice and IP telephony services on
the same platform.
The Cisco 1841 and 2811 routers are modular platforms that allow
the addition of
interface cards that expand the services and features running on
each device. This
flexibility will benefit an academic organization that is often
researching and developing
new ideas and projects, and providing innovative connectivity
solutions and enhanced
learning experiences for students. As more users, services and data
requests traverse the
WAN, it is reassuring to know that the 1841 and 2811 routers are
scalable and will
continue to provide additional requests without degradation.
Processing and transmission
of packets and routing updates are improved over Cisco’s previous
2600 platforms, and
VPN performance in larger deployments can be further enhanced with
the optional VPN
acceleration module.
Although the cost and management, in terms of using the CLI can be
a hindrance,
they, hopefully, should not be obstacles to considering Cisco’s
2811 and 1841 ISR
routers in this case. These platforms provide many inherent
benefits and would be solid,
feature-laden “workhorses” within the core layer of the Academic
Research Network.
44
Next Steps:
The proposed solutions should be evaluated initially in a lab-type
setting. For
instance, in order to test the performance, capabilities,
manageability and the overall
feasibility of the solutions in this document adequately
facilitating the needs of Regis
University’s and ARNe projects, a lab with both Cisco routing
platforms should be set up
prior to any rollout plans. The lab should simulate a possible core
WAN that will be
featured in ARNe a well as scaled down LAN applications that will
be used at various
sites. For example, a VOIP project with as many IP phones as
possible, web servers,
application servers and other pc’s and network equipment could be
connected to the LAN
facing interface. Because WANs are usually slower that LAN
connections, Cisco serial
WICs should be used to interconnect the test core WAN. To further
resemble the typical
WAN speeds, interface bit rates can be adjusted to more closely
evaluate the performance
of applications utilizing the WAN. Routing protocols could also be
evaluated to
determine if EIGRP will meet present and future requirements.
In order to build a reasonable testing environment without major
capital
investment, Regis should consider renting the equipment before
making any major
purchases. Companies such as Digital Warehouse
(digitalwarehouse.com) and Penn
Computer Corporation (penncomputer.com) rent Cisco equipment for
various projects.
Renting provides flexibility in choosing different routers,
hardware and configurations.
During the lab testing phase, Regis University should be in
discussion with the
ISPs that will be servicing each location to determine the
bandwidth requirements as well
as circuit and interconnectivity options in order to simulate these
conditions as best as
Additional projects could include a more in depth study on the
routing process
and protocols at the core, with the intent of architecting a new
logical scheme that will
feature the adoption of the EIGRP protocol. This may involve
running EIGRP alongside
other routing protocols, if possible, and then completely phasing
it in when Cisco routers
have been put in place.
Other projects could involve leveraging the IP telephony
capabilities of the ISR
routers. While there is already a VoIP project developing, it could
be extended by rolling
out Unified Communication to the other remote sites; streamlining
communication and
reducing costs.
The ISR routers can provide wireless LAN capability if needed.
Depending on the
situation at some of the remote sites, projects can be developed to
utilize this feature of
the routers. By using an integrated wireless function, rather than
purchasing external
access points, deployment costs can be reduced.
46
Reference:
Bruno, A. (2004). CCDA Exam Certification Guide. Indianapolis:
Cisco Press.
Cisco Systems. (2000). CCIE Fundamentals: Network Design and Case
Studies.
Indianapolis: Cisco Press.
Cisco Systems. (2005). Cisco T1 DSU/CSU WAN interface card
(WIC-1DSU-T1-V2).
Cisco.
Cisco Systems. (2008). Serial and Asynchronous High-Speed WAN
Interface Cards for
Cisco 1800, 2800, and 3800 Series Integrated Services Routers.
Cisco.
Cisco Systems. (n.d.). Cisco Router and Security Device Manager.
Retrieved July 18,
2009, from Cisco Systems:
http://www.cisco.com/en/US/products/sw/secursw/ps5318/
Cisco. (2008). Cisco 1800 Series Integrated Services Routers: Cisco
1841 Router
(modular). Retrieved June 4, 2009, from Cisco Systems:
http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet09
00aecd8016a59b.pdf
Cisco. (2008). Cisco 2800 Series Integrated Services Routers.
Retrieved June 2, 2009,
from Cisco Systems:
Doherty, J., Anderson, N., & Della Maggiora, P. (2008). Cisco
Networking Simplified
(2nd Ed.). Indianapolis: Cisco Press.
Internet Engineering Task Force. A Border Gateway Protocol 4
(BGP-4). (RFC 1654).
Retrieved September 12, 2009 from IETF website:
http://tools.ietf.org/html/rfc1654
Internet Engineering Task Force. OSPF Version 2. (RFC 2328).
Retrieved September 13,
2009 from IETF website:
http://www.ietf.org/rfc/rfc2328.txt?number=2328
Internet Engineering Task Force. Routing Information Protocol. (RFC
1058). Retrieved
September 13, 2009 from IETF website:
http://tools.ietf.org/html/rfc1058
Internet Engineering Task Force. Use of OSI IS-IS for Routing in
TCP/IP and Dual
Environments. (RFC 1195). Retrieved September 12, 2009 from IETF
website:
http://www.ietf.org/rfc/rfc1195.txt
ITIL (2009). What is ITIL? Retrieved September 13, 2009 from ITIL
website:
http://www.itil-officialsite.com/AboutITIL/WhatisITIL.asp
Lee, D. C. (1999). Enhanced IP Services for Cisco Networks.
Indianapolis.
Macfarlane, James. "Chapter 10 - Redistribution and Default
Routing". Network Routing
Basics: Understanding IP Routing in Cisco Systems. John Wiley &
Sons. © 2006.
Books24x7.
<http://common.books24x7.com.dml.regis.edu/book/id_17060/book.asp>
(accessed September 12, 2009)
McGovern, J. et al (2004). A practical guide to enterprise
architecture. New Jersey:
Prentice Hall.
Odom, W. (2003). CCNA Intro Exam Certification Guide. Indianapolis:
Cisco Press.
Oppenheimer, P. (2004). Top-Down Network Design (2nd Ed.).
Indianapolis: Cisco
Press.
Regis SEAD group. (n.d.). Practicum Info. Retrieved July 24, 2009,
from Systems
Engineering and Application Development Practicum site:
http://trackit.arn.regis.edu/sead/new_page1.htm
Rybaczyk, P. (2005). Cisco Network Design Solutions for
Small-Medium Businesses.
Indianapolis: Cisco Press.
Venezia, P. (2006, April 6). Cisco delivers service-stuffed
routers. Retrieved June 20,
2009, from InfoWorld:
http://www.infoworld.com/d/security-central/cisco
Ingrimar James
Recommended Citation